I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.

I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.

I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.

I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.

No kidding? Never seen anyone demand an ISP addy before signing up lol

Indeed, I was surprised. They say since doing that, they have observed reduced spam on their forum. I would think there are more reasonable ways to keep your site spam free.. They are the only one's to date I've seen doing it - and NOT the only spam free forum.

Then again, google sometimes requires a text message confirmation (mobile phone) before making a gmail acct (they ask for your cell, send you a number, ask for that number back on their sign up page)... I'm sure you've seen it.

Thanks for the reply. What about if the 'enter password' screen is up when the machine is rebooted/memory is swapped out? Is the key loaded into ram at that point, like it is at the windows logon screen?

The key will only be loaded into RAM after you type in the password (so you wouldn't be vulnerable at the boot up point)...if your PC is put to sleep, a password is NOT required after you wake it up (hence why the cold boot attack works).

TrueCrypt does not allow recovery of encrypted data without knowing the correct password or key. Truecrypt were unable to recover your data because they do not know and can not determine the password of your choice or your keys generated using TrueCrypt. The only way to recover the files you are trying to "crack" password or key, but it could take thousands or millions of years (depending on the length and quality of passwords or keyfiles, on software / hardware performance, algorithms, and other factors).